Google-Themed Phishing Attempt Hits Hard

5/8/2017

Phishing e-mail/App masquerading as a Google Doc tricks thousands.

It's a common occurrence in the academic setting: a e-mail from a school colleague, stating that they have shared a Google Doc with you. After all, group projects are often done concurrently by Google Doc, and who reads the permissions they grant Google Play applications?

Unfortunately, someone realized that by mimicking the well-known e-mail design, they could convince people to grant pervasive permissions to an application called 'Google Docs', allowing the attacker to gain access to contact lists and even e-mail contents.

Google has since taken steps to counter the attack, but nearly a million people gave carte blanche access to the contents of their Gmail account to an unknown attacker. Whether the steps Google has taken are enough to prevent similar attacks in the future using the OAuth feature, time alone will tell.

For more information about the steps Google is taking regarding the attack, try ZDNet's article.